Category: Technical

A critical security vulnerability has been found in the unreleased master version of Mastodon. If your instance is running code from the tag v2.3.3 or older, it is not affected. If you are running a newer version that includes commit ca42f9b, it’s urgent that you upgrade and change your passwords stored in .env.production immediately!

I’m serving Free Radical’s images etc. from S3. When I updated to Mastodon v2.1.0, I noticed that all the page’s images were missing. Safari’s Show JavaScript Console menu revealed a lot of errors like:

[Error] Refused to load https://s3-us-west-2.amazonaws.com/freeradical-system/accounts/avatars/000/014/309/static/91f9782fad3f6284.png because it does not appear in the img-src directive of the Content Security Policy.

Turns out that some time between the releases of v2.0.0 and v2.1.0, Mastodon switched from generating S3 URLs like:

https://freeradical-system.s3-us-west-2.amazonaws.com/...

to

https://s3-us-west-2.amazonaws.com/freeradical-system/...

Because I’d jumped through the hoops of setting up a Content-Security-Policy header, Safari wasn’t allowing those images to render. I had to change my CSP header in Nginx from:

If you’re using Mastodon on an iPhone, you’re probably using the excellent Amaroq client. For some very good reasons, it doesn’t have a built-in feature to translate toots into your own language. That’s OK, though. We can implement that ourselves!

This will walk you through the process of installing Workflow on your iPhone, then configuring Amaroq to use it to translate toots from your timeline. There are a lot of steps here, but most of them are for the one-time setup. Don’t worry: you won’t have to do all of these every time you want to read something written in French. Continue reading Translating toots with Workflow

This morning, I moved all of the user-generated content on Free Radical from local storage to S3. It was completely painless and Just Worked – yay! There are a few reasons why this can be a great idea: Continue reading Migrating media to S3